PostgreSQL Archives • Daily CyberSecurity

Massive PostgreSQL Update: 11 Vulnerabilities Patched as Version 14 Hits End-of-Life Warning PostgreSQL Security Update 2026 PostgreSQL CVE-2026-6637 Patch CVE-2024-10979 PostgreSQL vulnerability

PostgreSQL Security Update 2026 PostgreSQL CVE-2026-6637 Patch CVE-2024-10979 PostgreSQL vulnerability

Massive PostgreSQL Update: 11 Vulnerabilities Patched as Version 14 Hits End-of-Life Warning

Do Son May 19, 2026

The PostgreSQL Global Development Group has issued a synchronized security update across all actively supported branches, eliminating...

PoC Exploit Publicly Disclosed: 20-Year-Old PostgreSQL pgcrypto Flaw (CVE-2026-2005) Grants Full Superuser RCE PostgreSQL pgcrypto PoC Exploit CVE-2026-2005 Public Disclosure

PostgreSQL pgcrypto PoC Exploit CVE-2026-2005 Public Disclosure

PoC Exploit Publicly Disclosed: 20-Year-Old PostgreSQL pgcrypto Flaw (CVE-2026-2005) Grants Full Superuser RCE

Do Son May 19, 2026

A critical heap buffer overflow vulnerability lurking in PostgreSQL’s core cryptographic extension for over two decades has...

Critical 9.8 CVSS: Severe SQL Injection Flaw Exposed in Marten .NET Document Store Engine Marten .NET SQL Injection CVE-2026-45288

Critical 9.8 CVSS: Severe SQL Injection Flaw Exposed in Marten .NET Document Store Engine

Do Son May 19, 2026

A severe vulnerability discovered in Marten, a highly popular .NET transactional document store and event store library,...

Critical 9.4 CVSS pgAdmin 4 Flaws Enable Full OS Command Execution pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

Critical 9.4 CVSS pgAdmin 4 Flaws Enable Full OS Command Execution

Do Son May 15, 2026

In a major security overhaul, pgAdmin, the world’s most popular open-source administration platform for PostgreSQL, has released...

Kubernetes Alert: 9.4 Severity RCE in CloudNativePG Enables PostgreSQL Superuser Takeover CloudNativePG RCE Vulnerability CVE-2026-44477

Kubernetes Alert: 9.4 Severity RCE in CloudNativePG Enables PostgreSQL Superuser Takeover

Do Son May 15, 2026

In a critical discovery for Kubernetes-based database environments, researchers have unveiled a severe privilege escalation and Remote...

Critical LiteLLM SQL Injection (CVE-2026-42208) Exploited in the Wild LiteLLM SQL Injection CVE-2026-42208 LiteLLM Vulnerability AI Infrastructure Security

LiteLLM SQL Injection CVE-2026-42208 LiteLLM Vulnerability AI Infrastructure Security

Critical LiteLLM SQL Injection (CVE-2026-42208) Exploited in the Wild

Do Son April 28, 2026

Security researchers have sounded the alarm on a critical vulnerability in LiteLLM, a massively popular open-source gateway...

Total Database Collapse: Inside the ElectricSQL CVSS 10.0 SQL Injection ElectricSQL SQL Injection PostgreSQL Tenant Isolation

Total Database Collapse: Inside the ElectricSQL CVSS 10.0 SQL Injection

Do Son April 22, 2026

ElectricSQL, the popular sync engine used to power modern real-time applications, has disclosed a catastrophic SQL injection...

Critical 9.1 SQL Injection Threatens Vendure Core Stores Vendure SQL Injection Shop API Vulnerability

Critical 9.1 SQL Injection Threatens Vendure Core Stores

Do Son April 15, 2026

Vendure Core, the open-source engine powering the enterprise commerce platform Vendure, has recently addressed a high-severity security...

10.0 CVSS Flaw in Kestra Grants Full Server Control Kestra RCE SQL Injection Vulnerability

10.0 CVSS Flaw in Kestra Grants Full Server Control

Do Son April 7, 2026

A critical security vulnerability has been unmasked in Kestra, the popular open-source, event-driven orchestration platform. The flaw,...

Major Security Overhaul for Apache Superset: Five Vulnerabilities Patched CVE-2024-55633 Apache Superset Security CVE-2026-23984

Major Security Overhaul for Apache Superset: Five Vulnerabilities Patched

Do Son February 26, 2026

Apache Superset is a modern data exploration and data visualization platform. Superset can replace or augment proprietary...

PostgreSQL Fixes 5 Security Flaws Including Critical Code Execution Risks PostgreSQL Vulnerabilities CVE-2026-2006 PostgreSQL, security update CVE-2023-5869 - CVE-2025-1094

PostgreSQL Vulnerabilities CVE-2026-2006 PostgreSQL, security update CVE-2023-5869 - CVE-2025-1094

PostgreSQL Fixes 5 Security Flaws Including Critical Code Execution Risks

Do Son February 18, 2026

The PostgreSQL Global Development Group has issued a critical alert for database administrators worldwide, releasing a comprehensive...

Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore

Do Son December 15, 2025

A critical security vulnerability has been discovered in pgAdmin, the world’s most popular open-source management tool for...

Django Flaw (CVE-2025-13372) Allows SQL Injection in PostgreSQL FilteredRelation Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Flaw (CVE-2025-13372) Allows SQL Injection in PostgreSQL FilteredRelation

Do Son December 3, 2025

The maintainers of Django, the high-level Python web framework that powers some of the internet’s largest sites,...

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files CVE-2023-5002 pgAdmin RCE, LDAP Injection

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files

Do Son November 17, 2025

The pgAdmin development team has issued patches addressing four newly disclosed security vulnerabilities impacting pgAdmin versions up...

CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk MySQL Attacks, UDF Exploitation pREST, SQL injection

CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk

Do Son September 9, 2025

The pREST project has issued a security advisory for CVE-2025-58450, a systemic SQL injection flaw that threatens...

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks CVE-2024-2044 pgAdmin, OAuth vulnerability

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks

Do Son September 8, 2025

The developers of pgAdmin, the most widely used open-source administration and development platform for PostgreSQL, have patched...

PostgreSQL Issues Urgent Security Fixes for High-Severity RCE Flaws in Core Utilities PostgreSQL Vulnerabilities CVE-2026-2006 PostgreSQL, security update CVE-2023-5869 - CVE-2025-1094

PostgreSQL Issues Urgent Security Fixes for High-Severity RCE Flaws in Core Utilities

Do Son August 18, 2025

The PostgreSQL Global Development Group has announced a major security update affecting all supported versions of the...

Soco404: New Stealthy Cryptojacking Campaign Exploits Cloud Misconfigurations and PostgreSQL to Mine Crypto

Do Son July 25, 2025

Wiz Research has uncovered a persistent and evolving cryptojacking operation known as “Soco404,” a campaign that exploits...

PHP Flaws: CVE-2025-1735 (SQLi/Crash) & CVE-2025-6491 (SOAP DoS) Threaten PHP Apps PHP Vulnerabilities, SQLi DoS CVE-2024-8932 & CVE-2024-8929

PHP Flaws: CVE-2025-1735 (SQLi/Crash) & CVE-2025-6491 (SOAP DoS) Threaten PHP Apps

Do Son July 4, 2025

The PHP project has released security patches addressing two vulnerabilities that expose PHP-based applications to SQL injection...

DataEase Vulnerabilities, Remote Code Execution

Multi DataEase Flaws: RCE & Bypass Vulnerabilities Threaten BI Platform via JDBC

Do Son July 2, 2025

DataEase, an open-source business intelligence (BI) platform known for its ease of use and data visualization capabilities,...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

PostgreSQL

Massive PostgreSQL Update: 11 Vulnerabilities Patched as Version 14 Hits End-of-Life Warning

PoC Exploit Publicly Disclosed: 20-Year-Old PostgreSQL pgcrypto Flaw (CVE-2026-2005) Grants Full Superuser RCE

Critical 9.8 CVSS: Severe SQL Injection Flaw Exposed in Marten .NET Document Store Engine

Critical 9.4 CVSS pgAdmin 4 Flaws Enable Full OS Command Execution

Critical LiteLLM SQL Injection (CVE-2026-42208) Exploited in the Wild

Total Database Collapse: Inside the ElectricSQL CVSS 10.0 SQL Injection

Critical 9.1 SQL Injection Threatens Vendure Core Stores

10.0 CVSS Flaw in Kestra Grants Full Server Control

Major Security Overhaul for Apache Superset: Five Vulnerabilities Patched

PostgreSQL Fixes 5 Security Flaws Including Critical Code Execution Risks

Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore

Django Flaw (CVE-2025-13372) Allows SQL Injection in PostgreSQL FilteredRelation

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files

CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks

PostgreSQL Issues Urgent Security Fixes for High-Severity RCE Flaws in Core Utilities

PHP Flaws: CVE-2025-1735 (SQLi/Crash) & CVE-2025-6491 (SOAP DoS) Threaten PHP Apps

Multi DataEase Flaws: RCE & Bypass Vulnerabilities Threaten BI Platform via JDBC